REMARKS

This paper is responsive to the "final" office action of April 7, 2005. Applicants request 
entry of the above amendment. Note: the front page of the office action indicated both that it was 
FINAL and that it was NON-FINAL. Nowhere in the body of the office action is there any 
indication that the office action was intended to be final. A check of the PTO's PAIR web site 
showed both that the action was FINAL (as reflected in the "transaction history" view) and 
NON-FINAL (as reflected in the "image file wrapper" view). 

REQUEST THAT IDS BE CONSIDERED AND RETURNED 

The IDS filed on November 23, 2004 was not initialed and returned with the office 
action. Applicants request that the IDS be considered and returned with the next paper. 

DISCUSSION 

Claims 1-2, 4-32, and 34-46 stand rejected in the office action. By this amendment, 
claims 14, 16-18, 23, 25, and 39-44 have been newly canceled to advance prosecution. Claims 
1-2, 4-13, 15, 19-22, 24, 26-32, 34-38, and 45-46 remain pending, and new claims 47-56 have 
been added. 

In the office action, claims 1-3, 7-8, 11-33 and 36-46 were rejected as being anticipated 
by TunnelBuilder for Mac User's Guide. Claims 1, 4, 5, 27, 34, and 35 were rejected as being 
anticipated by Tunnel Builder 4.01 for Windows Website. Claims 6, 9, and 10 were rejected as 
being unpatentable over Tunnel Builder for Mac User's Guide in view of van der Sijpt. 

All independent claims have been amended to more clearly define the features recited 
therein. In independent claims 1, 19, 21, 24, 26, 27, and 45, the term "address" has been 
amended to recite "identification" since the invention is not limited to an IP address but 
encompasses IP addresses and other forms of identification including but not limited to user 
names, proxy names and proxy IP addresses and the like. 

Independent claim 1 has been amended to recite that the first computer transmits an 
encrypted identification of the second computer in an HTTP message to the first server, wherein 
the HTTP message is transmitted through a firewall port that is normally open by default to 
Internet traffic. Independent claims 19, 21, 24, 26, 27, and 45 have been similarly amended to 
recite that various messages recited therein are transmitted through a firewall port that is 
normally open by default to Internet traffic. Dependent claim 4 has similarly been amended to 
recite that both first and second clients use an open firewall port that is normally open by default 
to Internet traffic. Nothing in the prior art cited in the office action discloses these features in 
combination with the other claim elements as recited. 

The TunnelBuilder for Mac User's Guide describes a tunneling system that allows one 
to create a tunnel in a corporate firewall to reach a server inside a corporate network. See pages 
1-3 and 4-15 through 4-18. However, the tunneling system of TunnelBuilder is based on a 
computer outside a firewall accessing the TunnelBuilder server inside the firewall directly. This 
means that the firewall has been modified to permit direct addressing of TunnelBuilder Server. 
This is performed by using the inbound ports to the TunnelBuilder server as made available by 
"holes" in the firewall. This is distinguishable from the invention as claimed, which permits 
existing firewalls to be used without modification since a firewall port that is by default 
configured to permit Internet traffic to pass can be used to send messages. This advantage is 
highlighted in the present specification, for example, in paragraphs 8 and 32-40. Consequently, 
the claims as amended are allowable over the cited documents. 

The same applies regarding the TunnelBuilder for Windows document. TunnelBuilder 
for Windows fails to disclose the use of firewall ports that are normally open by default to 
Internet traffic. Instead, TunnelBuilder for Windows is based on the use of opening "holes" in 
firewalls, thereby permitting access to inbound ports of the TunnelBuilder server (located inside 
the firewall). Accordingly, the rejected claims are distinguishable for this reason. 

Independent claims 19 and 21 as amended further recite that the encrypted message is 
transmitted to the second computer while decrypting an identification of the second computer 
without decrypting the encrypted message. Independent claims 24, 26, 27, and 45 contain a 
similar limitation requiring that a message be encrypted such that it can only be decrypted by the 
second computer. Dependent claim 2 as amended recites a similar feature. This preserves 
security between two clients while using an intermediate server. In contrast, TunnelBuilder 
decrypts the messages that were tunneled through the firewall at the server (with the server 
located inside the firewall). This feature is therefore distinguishable from TunnelBuilder. 

Other minor amendments have been made to the claims. For example, dependent claims 
15 and 46 have been amended to recite other header parameters that can be used. No new matter 
has been added. 

NEW CLAIMS 

New claims 47-56 have been added, of which claims 47 and 55 are independent. 

New independent claim 47 recites the feature of receiving a first HTTP message through 
a first firewall associated with a first computer through a port that is normally open by default to 
Internet traffic, and a second HTTP message from a second computer through a second firewall 
through a port that is normally open to Internet traffic, then transmitting contents of the first 
message to the second computer through a return path established by the second message. These 
features are not shown or suggested by the cited documents for reasons similar to those 
explained above. New dependent claim 48 specifically recites that the HTTP messages are 
POST messages. New dependent claim 49 specifically recites that the steps of claim 47 are 
performed on an intermediate server computer that is separate from the first and second 
computers. New dependent claim 50 recites transmission of encrypted content between the three 
computers, and new dependent claim 51 specifically recites that certain parts of the encrypted 
content are decrypted by the intermediate computer and then re-encrypted before further 
transmission. New dependent claim 52 specifically recites a step of receiving a third HTTP 
message from the second computer through one of the default open firewall ports, and 
transmitting contents from that third HTTP message to the first computer. New dependent claim 
53 specifically recites periodically transmitting a message to avoid a time-out condition on the 
second computer, and new dependent claim 54 specifically recites a step of authenticating that 
the first computer is authorized to communicate with the second computer prior to transmitting 
the message. These features, as recited above, are not shown or disclosed in the cited 
documents. 

Finally, new independent claim 55 recites a method including steps of transmitting a first 
HTTP POST message through a first firewall port that is normally open to Internet traffic, 
wherein the message requests establishment of a connection between the first computer and an 
intermediate computer; receiving a response including a connection identifier corresponding to 
the first return path; periodically transmitting "keep alive" messages between the first computer 
and intermediate computer; exchanging encryption keys between the first and intermediate 
computers; repeating the above steps between a second computer and the intermediate computer; 
transmitting encrypted information from the first computer to the intermediate computer over the 
first return path; and transmitting the encrypted information from the intermediate computer over 
the second return path. New dependent claim 56 further recites the step of decrypting encrypted 
information in the intermediate server computer then re-encrypting the information using 
encryption keys. These features are not shown or suggested in the cited documents. 



For the above reasons, allowance of the claims as amended is requested. 

The Commissioner is authorized to debit our Deposit Account No. 19-0733 for the new 
claim fees and any additional fees. If there are any questions, the Examiner is invited to contact 
the undersigned. 



Respectfully submitted, 



By: 




Bradley C. Wright 
Reg. No. 38,061 



BANNER & WITCOFF, LTD. 
1001 G Street, N.W., 11th Floor 
Washington, D.C. 20001 
(202) 508-9100 



Dated: October jf, 2005 